package cn.sixmillions.uaa.config;

import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * @author lbw
 */
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //访问控制
        http.authorizeHttpRequests(req -> req
                        .antMatchers("/login", "/error", "/logout").permitAll()
                        .anyRequest().authenticated())
                //Http Basic登录
                .httpBasic(basic -> basic.realmName("Tip: Bad Auth"))
                //表单登录
                .formLogin(form -> form.loginPage("/login"));
    }

    @Override
    public void configure(WebSecurity web) {
        web.ignoring().antMatchers("/img/**")
                .requestMatchers(PathRequest.toStaticResources().atCommonLocations());
    }
}